The Evils of MD5

The Evils of MD5

I have a new cause. I didn’t expect to have one, but we don’t always get to choose. Sometimes, the issues choose us. In February 2017, the cryptographic hashing algorithm SHA-1 was broken in practice. A practical collision was found, and published on the following website: https://shattered.io We have known for some time that SHA-1 is at the end of useful life and have begin moving to more secure algorithms. This got me to thinking about another hashing algorithm, MD5.

I first started using SHA-1 when I began in the industry around 1994. I was doing cryptographic software development and building early Public Key Infrastructure components. As I was doing work for the U.S. Federal Government, SHA-1 was the hash algorithm of choice. The competing hash algorithm at the time was MD5, invented in 1991, that was gaining popularity outside of the Government space. By 1996, the first weaknesses in MD5 were being discovered, and it was no longer recommended for use. Cryptographers were recommending shifting any usage to other algorithms, including SHA-1.

While reading the information on Shattered.io regarding the collision for SHA-1, I asked myself “how long until I stop seeing SHA-1 used in production systems”. Well, one way to learn is to look at what has happened in the past. MD5 has been discouraged since 1996. In 2017, we still routinely see products implementing MD5. Are you serious? A cryptographic algorithm that has been effectively compromised for 21 years is still in modern products?

So, after 21 years our industry has been incapable of ending our addiction to MD5. For what seems like no rational reason at this point, we continue to use and include this antiquated, broken algorithm in our cipher suites. The typical reason given for including it is to support “legacy” web browsers and clients. Let me ask one simple question: What version of Chrome, Firefox, Safari, or Edge should a computer user be running? The answer is: The latest one. There is no rational reason why production users should be running out of date web browsers in 2017. There are too many security vulnerabilities being patched on a regular basis to justify running out of date software.

Our industry needs to stop leaning on MD5 to provide what we believe is security. The writing has been on the wall since 1996. I really hope 21 years from now we are not dealing with insecurities caused by the usage of SHA-1.